
Where does User Login Logic Belong? 3-Tier Application

I was wondering where user login logic resides in a typical application. In my current app, it seems that the best place would be the UI layer. So if the business layer is ever ported to a new platform (desktop WPF to web page, for example), the respective platforms would handle their own security. This also seems to fall in line with responsibility principles. For example, my business layer doesn't care if a user is logged in; it only cares that a component has requested a piece of processed data. Likewise, my UI layer definitely cares if a user is logged in because it has to know what controls or actions to make visible.

The problem is, logging a user in requires access to the data layer, which the UI layer obviously doesn't have.

If I put the user login component in a shared "common" project, circular dependencies arise.

Is the best practice really to put the user login logic in the business layer?

I'm just interested in common practice patterns or your reasoning for having it in the UI layer vs the Business layer or vice versa or something I haven't thought of.

Thanks!

Most enterprise-level applications I have seen implement some form of Security layer, which is usually independent and may contain roles, permissions, and login methods. This is usually the security guard that returns whether or not a user has access to a specified resource. This Security layer will usually also have its own data access layer.

Here is a sample of how I've laid out security for an application.

  1. User credentials are passed in. The presenter forwards the credentials to the security layer.
  2. The security layer maintains its own communication with a DAL. This could be separate from the rest of the B/L.
  3. The DAL returns data to security, which is tokenized or given a security key.
  4. Security passes the token or security key back to the presenter/controller for the application.
  5. The application wraps or includes the token or security key with all transactions.

The B/L here can then validate the token/key with Security before processing any transaction.

My references basically lay out like so:
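As an added illustration of the five steps above (example code written for this page, not code from the original answer): a Python sketch in which the security layer owns its own in-memory DAL, issues an opaque session token on a successful login, and the business layer validates that token (plus a required role) before every transaction. Class and method names, the user store, the PBKDF2 parameters and the report data are all assumptions constructed for the example.

```python
import hashlib, hmac, secrets, time

def _hash(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is a constructed example value
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SecurityDal:  # the security layer's own data access (in-memory store)
    def __init__(self):
        self._users = {}  # username -> (salt, password hash, roles)

    def add_user(self, username, password, roles):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash(password, salt), frozenset(roles))

    def get_user(self, username):
        return self._users.get(username)

class SecurityLayer:  # authenticates credentials, issues and validates tokens
    def __init__(self, dal, ttl_seconds=900):
        self._dal, self._ttl = dal, ttl_seconds
        self._sessions = {}  # token -> (username, roles, expiry)

    def login(self, username, password):
        record = self._dal.get_user(username)
        if record is None:
            return None
        salt, stored, roles = record
        if not hmac.compare_digest(_hash(password, salt), stored):
            return None  # wrong password (constant-time comparison)
        token = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self._sessions[token] = (username, roles, time.time() + self._ttl)
        return token

    def validate(self, token, required_role):
        session = self._sessions.get(token)
        if session is None or session[2] < time.time():
            self._sessions.pop(token, None)  # drop expired entries
            return False
        return required_role in session[1]

class BusinessLayer:  # knows nothing about users, only checks the token
    def __init__(self, security):
        self._security = security

    def monthly_report(self, token):
        if not self._security.validate(token, "reports"):
            raise PermissionError("token invalid, expired or lacks 'reports' role")
        return {"month": "2024-01", "total": 1234}  # constructed result
```

The presenter would call `login` once and then pass the returned token with every business-layer call; the business layer never sees the password.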
